Find My Raspberry Pi Using NMAP

So you have bought your Raspberry Pi but you don’t have a screen. How can you connect to it? Thankfully the Raspberry Pi has SSH enabled by default, so you can connect using SSH. An SSH connection will give you command line access to the Pi, and you can use the SSH client on another Linux host or OSX system. Failing that, you can install PuTTY in Windows. The catch is that I need to know the IP Address of the Raspberry Pi and I don’t have it. Adding a screen to the Pi is a solution, but it is beginning to feel a little like the song “There’s a Hole in My Bucket”. We are going to discover how we can: “Find My Raspberry Pi using NMAP”.

Keeping Hardware to the Minimum

We will demonstrate how we can connect to the Pi with just an Ethernet cable, without the need to add a screen, keyboard or mouse. The Pi will have power and an ethernet cable and that is all.

Raspberry Pi is SSH Enabled

As we have already mentioned, the Secure Shell server is running by default on the Raspberry Pi, certainly in the Raspbian distribution. Connecting is simple using the SSH client from another Linux host or Apple OSX system. On Windows based systems there is an SSH client available at no cost called PuTTY; you will need to download and install this. Once a connection has been made you can work on the command line or install something like XRDP to allow remote desktop connections to the Pi. The difficulty we have to overcome is locating the IP Address of the Pi. This is the network address that we need to connect to.

Use Wired Connection

If you are using the Raspberry Pi 3 it does come with a built-in WiFi connection; however, at least to begin with we will need a wired connection, as we have no method of specifying the WiFi network to connect to if we have not added a screen and keyboard. If using the Pi at home it will connect to the network through the ethernet cable to your hub, where it will be assigned an IP Address. Great, just what we want, but we will not know the address that has been issued. So we still have a problem!

Install NMAP

NMAP, or the Network Mapper, is a tool originally developed in 1997 for Linux. Availability is much better now, with versions for OSX, Windows and Unix systems as well as the original Linux platform. NMAP can be used by system administrators to locate threats on their network, but we will see how we can find my raspberry pi using NMAP. Make sure that the host we install NMAP onto is on the same network as the Raspberry Pi that needs locating. In the video, we are using a CentOS Linux system and we install nmap using the command:

sudo yum install -y nmap

Using a Debian based system like Ubuntu or even Raspbian we would use the apt suite to install nmap:

sudo apt-get install -y nmap

Using the MAC Address To Identify a Pi

The MAC Address, or Media Access Control Address, of a host identifies the serial number of the network card. This serial number can be traced back to a vendor. For the Raspberry Pi Foundation, the MAC Address will begin with the characters B8:27:EB. Scanning the network with nmap we can return the hosts that are up and their MAC Address. Make sure you are running the command as root or with sudo, as the MAC Address is not returned if you run the command as a standard user. I am using the address range 192.168.0.0/24 as that is the network that I have at home. You will need to adjust this to match your network.

sudo nmap -sP 192.168.0.0/24

This should not take too long, perhaps 10 seconds or so. You can always hit the ENTER key to get an update on the progress of the scan. If you have many hosts connected to the network, and this may include mobile phones and tablets, then we can filter further by piping the result to AWK.

Using AWK to Search the Results

Each record for a running host will be printed in a format similar to the following. Each listing starts with Nmap and ends with the MAC Address:

We can see that this relates to an HP system from the returned MAC Address. The database nmap reads to identify the MAC address prefix is the text file /usr/share/nmap/nmap-mac-prefixes. The important information to note is that the MAC address is displayed first and is followed on the next line by the IP Address. We really want to display just the IP Address for those hosts that have a MAC address from Raspberry Pi. We do this with the following command.

Piping the output of nmap to awk we can filter the displayed results. Breaking the awk command down:

/^Nmap/ Search the output for lines beginning with Nmap. This will yield lines similar to:

Nmap scan report for 192.168.0.254

{ipaddress=$NF} The total number of fields in a record is given by NF, so $NF is the last field. We assign the last field to a variable named ipaddress. If we check the output from the previous command, the last field on that line is the IP address.

/B8:27:EB/ We now search for the MAC address prefix of an RPi in the output.

{print ipaddress} If we match on both the Nmap and MAC Address searches we have found a Pi, and we print the IP Address which awk previously stored.
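The filter described above, assembled into a runnable script as an added example (not the article's own command) and run against a constructed sample of nmap -sP output rather than a live scan. It goes a little beyond the text: it also skips the "Nmap done:" summary line (which begins with Nmap but carries no IP), strips the parentheses nmap adds around the IP when it can resolve a hostname, and accepts the DC:A6:32 and E4:5F:01 prefixes registered to Raspberry Pi Trading for newer boards alongside the B8:27:EB prefix the article uses.

```shell
#!/bin/sh
# Constructed sample of "sudo nmap -sP" output (not a real scan): an HP
# host, a Pi reported by hostname with the IP in parentheses, a newer Pi
# reported by bare IP, and the scanning host itself (no MAC line).
SAMPLE_SCAN='Starting Nmap 7.80 ( https://nmap.org ) at 2024-01-01 10:00 GMT
Nmap scan report for 192.168.0.254
Host is up (0.0012s latency).
MAC Address: 00:1A:4B:00:00:01 (Hewlett Packard)
Nmap scan report for raspberrypi (192.168.0.17)
Host is up (0.0030s latency).
MAC Address: B8:27:EB:00:00:02 (Raspberry Pi Foundation)
Nmap scan report for 192.168.0.23
Host is up (0.0020s latency).
MAC Address: DC:A6:32:00:00:03 (Raspberry Pi Trading)
Nmap scan report for 192.168.0.10
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.50 seconds'

# Print the IP address of every host whose MAC prefix belongs to
# Raspberry Pi. Reads nmap output on stdin. Same idea as the article's
# awk: the "Nmap scan report" line stores its last field, and a matching
# "MAC Address" line prints what was stored.
find_pi_ips() {
    awk '
        /^Nmap scan report for/ {
            ipaddress = $NF               # last field: "IP" or "(IP)"
            gsub(/[()]/, "", ipaddress)   # drop parentheses if hostname shown
        }
        /^MAC Address: (B8:27:EB|DC:A6:32|E4:5F:01)/ {
            print ipaddress
        }'
}

# Usage: list the Pi addresses found in the constructed sample.
printf '%s\n' "$SAMPLE_SCAN" | find_pi_ips
# Live use: sudo nmap -sP 192.168.0.0/24 | find_pi_ips
```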

If we wanted a simpler awk command that displays the complete matches, you may prefer this syntax.